Hi Brian,
Thanks a lot for the help and the time you offer.
I have a question regarding performance.
I am trying to get some ideas about SSL performance and I think the easiest
way to test it is by using stunnel. This way I don't need to modify
anything. But I have this doubt about how accurate the numbers I would
get are. Or is there a better way to test the performance of SSL in terms of
throughput and bandwidth?
Regards,
Bukhatir
Brian wrote:
> I know it is -C list for 3.x and cipher list for 4.x.
> What I meant is how to write it.
>
> Is it supposed to be on the client side or the server side? I assumed that I
> should set the parameter on the server side, but it didn't work. This is what
> I did
>
> ciphers = rc4-128-md5
> but it didn't work then I tried
>
> ciphers = rsa-rc4-128-md5
You can have any list on either side. The client will offer
the ciphers in its list, and the server will pick one from
the client's list that is also on his list.
To get a list of acceptable ciphers, do 'openssl ciphers'
For example the default is
$ openssl ciphers
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5
You can also list based on strength, for example
$ openssl ciphers LOW
$ openssl ciphers HIGH
man ciphers for more info.
--
Brian Hatch
Systems and Security Engineer
http://www.ifokr.org/bri/

If work is so terrific, why do they have to pay you to do it?
Every message PGP signed
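
Added example, not part of the original messages: a check of whether the local OpenSSL build accepts a cipher string (such as the value of stunnel's ciphers option), and which ciphers a client list and a server list have in common. The function names expand and shared and the sample strings are assumptions made for this illustration.

```python
import ssl


def expand(cipher_string):
    """Return the TLS 1.2-and-earlier cipher names OpenSSL derives from
    cipher_string, or None if OpenSSL rejects it (nothing matches)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return None
    # TLS 1.3 suites are configured separately and are always listed,
    # so they are left out of the comparison.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def shared(client_string, server_string):
    """Ciphers the client would offer that are also on the server's list,
    kept in the client's order. Empty if either string is rejected."""
    client = expand(client_string)
    server = expand(server_string)
    if client is None or server is None:
        return []
    allowed = set(server)
    return [name for name in client if name in allowed]


if __name__ == "__main__":
    # Constructed sample values: the string from the quoted question,
    # a strength keyword, and two explicit cipher names.
    client = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384"
    server = "ECDHE-RSA-AES256-GCM-SHA384"
    for s in ("rc4-128-md5", "HIGH", client):
        names = expand(s)
        status = "rejected" if names is None else "%d ciphers" % len(names)
        print("%-60s %s" % (s, status))
    print("shared:", shared(client, server))
```

A string that expand() rejects is not a cipher name or keyword known to this OpenSSL build; an empty shared() result means the two sides have no cipher in common to negotiate.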